Exploit CGIScript.net - 'csPassword.cgi' 1.0 HTAccess File Modification

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21495
Проверка EDB
  1. Пройдено
Автор
STEVE GUSTIN
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
cve-2002-0919
Дата публикации
2002-05-30
Код: 
source: https://www.securityfocus.com/bid/4888/info

CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick.

A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add directives and make changes to the generated .htaccess file. 

javascript:void(document.form1.title.outerHTML="<textarea name=title>&lt;/textarea&gt;");

Adding the javascript as part of the URL will change the text field into a textbox allowing users to enter newlines and other characters.
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Cobalt RaQ 2.0/3.0 - Apache .htaccess Disclosure
Ответы
0
Просмотры
437
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Apache mod_ssl 2.8.x - Off-by-One HTAccess Buffer Overflow
Ответы
0
Просмотры
302
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit XOOPS 2.3.3 - '.htaccess' Remote File Disclosure
Ответы
0
Просмотры
260
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Htaccess Passwort Generator 1.1 - 'ht_pfad' Remote File Inclusion
Ответы
0
Просмотры
237
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу